CVE-2022-37315: Infinite recursion on malformed input (parseTypeSystemDefinition) · Issue #637 · graphql-go/graphql
graphql-go (aka GraphQL for Go) through 0.8.0 has infinite recursion in the type definition parser.
Simple input `String r` crashes the parser with infinite recursion.
```go
func TestInfiniteRecursion(t *testing.T) {
	body := `String r`
	source := source.NewSource(&source.Source{
		Body: []byte(body),
	})
	_, err := Parse(
		ParseParams{
			Source: source,
			Options: ParseOptions{
				NoSource: true,
			},
		},
	)
	if err != nil {
		t.Fatalf("unexpected error: %v", err)
	}
}
```
```
runtime: goroutine stack exceeds 1000000000-byte limit
runtime: sp=0xc020178350 stack=[0xc020178000, 0xc040178000]
fatal error: stack overflow

runtime stack:
runtime.throw({0x581369?, 0x67d3c0?})
	/usr/lib/go/src/runtime/panic.go:992 +0x71
runtime.newstack()
	/usr/lib/go/src/runtime/stack.go:1101 +0x5cc
runtime.morestack()
	/usr/lib/go/src/runtime/asm_amd64.s:547 +0x8b

goroutine 50 [running]:
runtime.mapaccess2_faststr(0x55ce00?, 0xc0000aa510?, {0xc0001630b8, 0x6})
	/usr/lib/go/src/runtime/map_faststr.go:108 +0x3ee fp=0xc020178360 sp=0xc020178358 pc=0x41254e
github.com/graphql-go/graphql/language/parser.parseTypeSystemDefinition(0xc00015a8c0)
	/tmp/graphql/language/parser/parser.go:867 +0x146 fp=0xc02017ca88 sp=0xc02017c9d0 pc=0x533006
github.com/graphql-go/graphql/language/parser.parseTypeSystemDefinition(0xc00015a8c0)
	/tmp/graphql/language/parser/parser.go:867 +0x146 fp=0xc02017ca88 sp=0xc02017c9d0 pc=0x533006
...additional frames elided...
created by testing.(*T).Run
	/usr/lib/go/src/testing/testing.go:1486 +0x35f
```
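The trace above shows a string-keyed map lookup followed by `parseTypeSystemDefinition` calling itself at the same line until the stack limit is hit. The following is an added example, not graphql-go's code or its fix: a constructed miniature dispatcher in which a table entry re-enters the dispatcher without consuming a token, with a progress guard that turns the runaway recursion into an ordinary error. `miniParser`, `ParseMini`, `errNoProgress` and the table entries are hypothetical, and the self-referencing entry is an assumption made to reproduce the shape of the trace.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Constructed miniature parser, not graphql-go code; all names are hypothetical.
var errNoProgress = errors.New("parser re-entered without consuming input")

type miniParser struct {
	toks         []string
	pos, lastPos int // lastPos: position at the previous dispatch, -1 at start
}

func parseType(p *miniParser) (string, error) {
	if p.pos+1 >= len(p.toks) {
		return "", errors.New("type: missing name")
	}
	p.pos += 2 // consume the keyword and the name
	return "type " + p.toks[p.pos-1], nil
}

func parseDefinition(p *miniParser) (string, error) {
	table := map[string]func(*miniParser) (string, error){
		"type": parseType,
		// Assumption: an entry that hands control straight back to the
		// dispatcher, the lookup-then-self-call shape seen in the trace.
		"String": parseDefinition,
	}
	if p.pos >= len(p.toks) {
		return "", errors.New("unexpected end of input")
	}
	// Guard: dispatching twice at one position means no token was consumed.
	if p.pos == p.lastPos {
		return "", fmt.Errorf("%w (token %q)", errNoProgress, p.toks[p.pos])
	}
	p.lastPos = p.pos
	if fn, ok := table[p.toks[p.pos]]; ok {
		return fn(p)
	}
	return "", fmt.Errorf("unexpected token %q", p.toks[p.pos])
}

func ParseMini(body string) (string, error) {
	return parseDefinition(&miniParser{toks: strings.Fields(body), lastPos: -1})
}

func main() { fmt.Println(ParseMini("String r")) }
```

Go reports stack exhaustion as a fatal error that `recover()` cannot intercept, so a guard of this kind has to return before the stack runs out rather than rely on a deferred handler.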
Related news
GHSA-h3qm-jrrf-cgj3: graphql-go through 0.8.0 has infinite recursion in the type definition parser